Web Blog_blogentry_121215_1


Stumbled On#

PrivacyLens gives users fine grained control of what information is sent from an identity provider to a service provider. It derives from, and augments the capabilities of uApprove. It is installed by embedding it into an existing installation of the Shibboleth Identity Provider.

uApprove is a User Consent Module for Shibboleth Identity Providers v2.x to enforce acceptance of terms of use and user attribute release consent. It serves the following purposes:

  • The user is informed about the release of his data (attributes) to a Service Provider (SP) when he accesses the SP for the first time or if his data changed.
  • The administrator of an Identity Provider (IdP)
    • can ask the user to accept an IdP's terms of use before accessing any services
    • gets a tool that implements data protection laws by enforcing user consent before personal user attributes are released to an SP
    • knows when a particular user gave consent to release which attribute and value to a particular SP

From the user's point of view, uApprove is an application which presents him a webpage, on which

  • he may have to accept or decline the Terms of Use of an Shibboleth Identity Provider upon first access to the system (this option can be disabled by configuration)
  • he can globally accept the release of all his/her attributes to any Service Provider
  • he has to accept the release of his/her attributes upon first access to a given Service Provider (if the global release has not been approved)
Shibboleth IdPv3 comes with built-in user consent that obsoletes uApprove!

More Information#

There might be more information for this subject on one of the following: ...nobody